They could, of course, use the file object constructor directly, e.g.:

    f = file("/etc/passwd", "w")

On Thu, 20 Aug 2009 08:16:51 -0700, Emanuele D'Arrigo <man...@gmail.com>
wrote:
> Sorry for digging this back from the grave.
> I've had to chew on it for a little while.
>
> On Aug 8, 1:40 am, Nobody <nob...@nowhere.com> wrote:
>
> > If you want to support restricted execution within a language, it
> > has to be built into the language from day one. Trying to bolt it on
> > later is a fool's errand.
>
> Fair enough. In this context, let's say I do this:
>
>     import __builtin__
>     import imp
>
>     originalBuiltins = imp.new_module("OriginalBuiltins")
>     # keep a reference to the real open before it is replaced
>     originalBuiltins.open = __builtin__.open
>
>     def readOnlyOpen(filename):
>         return originalBuiltins.open(filename, "r")
>
>     __builtin__.open = readOnlyOpen
>
>     exec(anUntrustedString, {})
>
> In what ways would the untrusted string be able to obtain the
> original, built-in open function and open a file for writing?
>
> Manu

--
Rami Chowdhury
"Never attribute to malice that which can be attributed to stupidity" --
Hanlon's Razor
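
A Python 3 port of the setup discussed above, as an added example that is not part of the original thread: it applies the same `open` replacement, then runs two constructed strings inside a temporary directory to check which of them the patch actually stops. `io.FileIO` stands in for Python 2's `file` type, and the helper names `run_with_patched_open` and `audit` are hypothetical.

```python
# Added example (Python 3 port; the thread's own code is Python 2).
import builtins
import os
import tempfile

def run_with_patched_open(untrusted_source):
    """Apply the thread's patch, exec the string, report what happened."""
    original_open = builtins.open            # keep the real open, as the post intends

    def read_only_open(filename):
        return original_open(filename, "r")

    builtins.open = read_only_open
    try:
        exec(untrusted_source, {})           # same call shape as in the post
        return "ran"
    except Exception as exc:                 # e.g. TypeError raised by the wrapper
        return "blocked: " + type(exc).__name__
    finally:
        builtins.open = original_open        # always undo the global patch

def audit(workdir):
    """Return {attempt: (outcome, file_was_written)} for two constructed inputs."""
    attempts = {
        # Goes through the patched name, so the wrapper rejects the mode argument.
        "patched open": "open({path!r}, 'w').write('x')",
        # Python 3 stand-in for the reply's file(...) call: the file type itself.
        "type constructor": (
            "import io\n"
            "with io.FileIO({path!r}, 'w') as f:\n"
            "    f.write(b'x')"
        ),
    }
    results = {}
    for name, template in attempts.items():
        path = os.path.join(workdir, name.replace(" ", "_") + ".txt")
        outcome = run_with_patched_open(template.format(path=path))
        results[name] = (outcome, os.path.exists(path))
    return results

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for name, result in audit(d).items():
            print(name, result)
```

Rebinding one builtin name only affects code that looks that name up; the underlying type stays reachable, which is the point made in the reply.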